http://mnin.blogspot.com/2009/05/volatility-plug-in-for-iateatinline.html Michael Hale Ligh has created another new Volatility plugin for malware analysts. This plug-in called usermode_hooks.py can be used to detect IAT/EAT/Inline rootkit hooks in usermode processes. I'm sure he would appreciate testing help and any feedback you are able to provide. Shouts to MHL! Thanks, AW